Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from the obvious shortcomings of any single assessment technique, you may also be doing a disservice to your business goals.

The country is at war and it is a cyber security war. The enemies are many, diverse and competent and fighting a defensive war is not the best way to win.
Cyber security war is like any other war: taking the offensive will improve your chances of success. Like any other war, the cyber security war requires proper planning for success and a total winning strategy. Half-hearted measures will not ...

You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes, even incumbents are suddenly “on the bench” or “between projects” or “on overhead”. You are no longer billable. As a result you have now moved from a profit generator to a cost center. When this happens you are at risk.

Two-factor authentication solutions have been around for a number of years. While these additional processes certainly go some way to improve security, and reduce the significance of the account password, they highlight a few interesting issues, mainly that password-based authentication is still a weak link.

Since as early as 2007, the various US intelligence and law enforcement agencies have used the law to gain access to information harvested by tech giants such as Microsoft, Google, Apple, Yahoo, Facebook, Skype and YouTube.

Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.

The NSA is tapping into our digital lives, monitoring voice calls, emails, social media, and who-knows-what-else. I understand, and try to live by, one of the best pieces of advice I’ve ever received on the topic of privacy: “assume that everything you do and say is being watched and heard, always.”

RESTful architectures have been the general buzz of websites for the last few years. The simplicity, scalability and statelessness of this approach to client-server communication have led to its adoption by many of the top social sites such as Twitter and Facebook. Why? Well, in their specific cases, developer adoption is a huge priority.

You can in fact obscure a lot of what you do online and through telco but you have to be diligent. It means time and sometimes money (burn phones or laptops in some cases) to obfuscate as much as you can.

Privacy and Security: Both are mandatory – and necessary. Privacy is inherent in our contemporary understanding of democracy, whereas security requires intelligence. The challenge lies in being able to find the right balance while avoiding excesses.

The low barrier to entry for PHP allows inexperienced developers to act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.

Continuing the security industry trend of publishing infographics, the folks at Enterprise Strategy Group published an infographic that illustrates some of the challenges associated with web application security.

A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backups are to be done to password complexity requirements. Having a checklist can help you decide whether the application or vendor conforms to your company’s security requirements.

Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.